Generation of truly random numbers based on quantum noise
Quantum Random Number Generators (QRNGs) promise information-theoretic security by exploiting the intrinsic probabilistic properties of quantum mechanics. In practice, their security frequently relies on a number of assumptions about the physical devices. In this thesis, a randomness generation framework that exploits the amplitude quadrature fluctuations of a vacuum state was analyzed. It employs a homodyne measurement scheme, which can be implemented with low-cost components, and shows potential for high performance with remarkable stability.

A mathematical description of all necessary stages was provided as a security proof, taking into account the quantization noise introduced by the analog-to-digital converter. The impact of experimental limitations, such as the digitizer resolution or the presence of excess noise due to unbalanced detection, was characterized. Moreover, we propose a framework to estimate the excess entropy introduced by unbalanced detection, and its high impact within the Shannon entropy model was experimentally verified.

Furthermore, a real-time dedicated QRNG scheme was implemented and validated. The variance characterization curve of the homodyne detector was measured, and the quantum fluctuations were determined to be preponderant for an impinging power P_LO < 45.7 mW. By estimating the worst-case min-entropy conditioned on the electronic noise, approximately 8.39 true random bits can be extracted from each sample, yielding a maximum generation rate of 8.23 Gbps. With a length-compatible Toeplitz-hashing algorithm, these can be extracted at 75 Mbps with an upper security bound of 2^-105, which illustrates the quality of this implementation. Moreover, the generation scheme was validated and verified to pass all the statistical tests of the NIST, DieHarder, and TestU01's SmallCrush batteries, as well as most of TestU01's Crush evaluations.

Finally, we propose a framework for time-interleaving the entropy source within a classical communication channel, which removes the need for a dedicated generation device. After assessing the conditions where quantum noise is dominant, support for generation rates up to 1.3 Gbps was observed. The random bitstream was subjected to the NIST randomness test suite and consistently passed all evaluations. Moreover, a clean quadrature phase shift keying constellation was recovered, which supports the multi-purpose function of the scheme.

Quantum random number generators (QRNGs) promise information-theoretically secure systems by exploiting the intrinsically probabilistic properties of quantum mechanics. Experimentally, however, a set of assumptions is typically imposed on the experimental devices. In this dissertation, an approach to random number generation that exploits the amplitude quadrature fluctuations of a vacuum state was analyzed. To this end, a homodyne detection scheme is used that allows high performance and stability while requiring only low-cost devices.

A mathematical model of the generator's different stages was developed in order to provide a security proof, and the discretization noise introduced by the analog-to-digital converter was accounted for. Additionally, the impact of experimental imperfections such as the resolution of the analog-to-digital converter and the presence of excess noise resulting from unbalanced detection was characterized. An approach to estimate this contribution within the Shannon entropy model was also proposed and experimentally verified.

Additionally, a real-time implementation was characterized. The characterization curve of the homodyne detector was experimentally verified, and a preponderance of quantum noise was observed for optical powers below 45.7 mW. Through an estimate of the min-entropy conditioned on the electronic noise, approximately 8.39 bits per measurement can be extracted, which corresponds to a maximum generation rate of 8.23 Gbps. These can be extracted at a rate of 75 Mbps with a security parameter of 2^-105, illustrative of the quality of this implementation, through an efficient Toeplitz matrix multiplication algorithm. Subsequently, the scheme was validated, passing all the statistical tests of the NIST, DieHarder, and SmallCrush batteries, as well as most of the evaluations contained in the Crush battery.

Finally, an approach was proposed to integrate this entropy source into a classical communication channel, thereby removing the need for a dedicated implementation. After evaluating the conditions under which quantum noise is preponderant, generation rates of up to 1.3 Gbps were observed. The numbers obtained were also submitted to the NIST test battery, consistently passing all evaluations. Additionally, the quadrature amplitude modulation constellation obtained enables multifunctional operation of the system.

Mestrado em Engenharia Físic
Analysis of partial match queries in multidimensional search trees
The cover reads "Article-based thesis". Thesis with several sections removed for publisher copyright reasons.

The main contribution of this thesis is to deepen and generalize previous work done in the average-case analysis of partial match queries in several types of multidimensional search trees. In particular, our focus has been the analysis of fixed PM queries. Our results about them generalize previous results which covered the case where only one coordinate is specified in the PM query (and for any dimension) or the case of 2-dimensional data structures. Using a combinatorial approach, different from the probabilistic approaches used by other researchers, we obtain asymptotic formulas for the expected cost of fixed PM queries in relaxed and standard K-d trees. We establish that, in both cases, the expected cost satisfies a common pattern in its relationship with the expected cost of random PM queries. Moreover, the same pattern appeared in the analysis, previously done by other researchers, of the expected cost of fixed partial match in 2-dimensional quad trees. Those results led us to conjecture that such a formula would be pervasive in describing the expected cost of partial match queries in many different multidimensional trees, assuming some additional technical conditions about the family of multidimensional search trees under consideration. Indeed, we prove this to be the case also for K-dimensional quad trees.

However, we disprove that conjecture for a new variant of K-d trees with local balancing that we define: relaxed K-dt trees. We analyze the expected cost of random PM queries and fixed PM queries in them and, while we do not find a closed-form expression for the expected cost of fixed PM queries, we prove that it cannot be of the same form that we had conjectured.

For random PM queries in both relaxed and standard K-dt trees, we obtain two very general results that unify several specific results that appear scattered across the literature. Finally, we also analyze random PM queries in quad-K-d trees (a generalization of both quad trees and K-d trees) and obtain a very general result that includes as particular cases previous results in relaxed K-d trees and quad trees.

The main contribution of this thesis is to deepen and generalize previous results concerning the average-case analysis of partial match queries in several types of multidimensional search trees. In particular we focus on the analysis of fixed partial match queries. Our results on them generalize previous results that cover the case where only one coordinate is specified in the partial match query (and for any dimension) or the case of two-dimensional data structures. Using a combinatorial approach, different from the probabilistic approaches used by other researchers, we obtain asymptotic formulas for the expected cost of fixed partial match queries in relaxed and standard K-d trees. We establish that, in both cases, the expected cost satisfies a common pattern in its relationship with the expected cost of random partial match queries. Moreover, the same pattern appeared in the analysis, previously carried out by other researchers, of the expected cost of fixed partial match queries in two-dimensional quadtrees. Those results led us to conjecture that such a formula would generalize to describe the expected cost of partial match queries in many different multidimensional trees, assuming some additional technical conditions on the family of multidimensional search trees under consideration. Indeed, we prove that this is also the case for K-dimensional quadtrees.

However, we define a new variant of K-d trees with local reorganization that satisfies those conditions, relaxed K-dt trees; we analyze the expected cost of random and fixed partial match queries in them and, although we do not find a closed-form expression for the expected cost of fixed partial match queries, we prove that it cannot be of the same form as we had conjectured. We also obtain two very general results for random partial match queries in relaxed and standard K-dt trees that unify several specific results scattered across the literature. Finally, we analyze random partial match queries in a generalization of quadtrees and K-d trees, called quad-K-d trees, and obtain a general result that includes as particular cases previous results for relaxed K-d trees and quadtrees.

There are many applications in which collections of multidimensional data must be managed, in which each object is identified by a point in a real or abstract space; a paradigmatic example is geographic information systems. These applications often use multidimensional data structures that support associative queries (those in which conditions are specified for more than one coordinate) in addition to the traditional operations of insertion, update, deletion and exact search. One of the main types of associative queries is the partial match query, where only some coordinates are specified and the goal is to determine which objects match them. Partial match queries are particularly important because their analysis forms the basis of the analysis of other kinds of associative queries, such as orthogonal range queries (which points lie within a given (hyper)rectangular area?), region queries (for example, given a point and a distance, which points lie at that distance or less from the point?) or nearest-neighbour queries (where the k points closest to a given point must be found).

In this thesis we analyze in depth the average performance of partial match queries in representative multidimensional search trees, which constitute a significant subclass of multidimensional data structures. Multidimensional search trees, in particular quadtrees and K-d trees, were defined in the mid-1970s as a generalization of binary search trees. Partial match queries are answered in them by recursively traversing some of the subtrees. For many years the analysis of multidimensional search trees was carried out under the important, and often implicit, assumption that in each recursive call new coordinates of the partial match query are generated at random.

The reason for this simplifying assumption was that, for average costs, this analysis is equivalent to analyzing the performance of the partial match algorithm when the input is a random partial match query. At the beginning of this decade, some teams began to analyze the average case of partial match queries without this assumption: the specified coordinates of the query remain fixed throughout all recursive calls. These queries are called fixed partial match queries. The goal of this recent approach is to analyze the performance of the partial match algorithm, but now the quantities of interest depend on the particular query q given as input.

The analysis of fixed partial match queries, together with that of random ones (which plays an important role in the analysis of the former), gives us a very detailed and precise description of the performance of the partial match algorithm that could be extended to other relevant associative queries.

The main contribution of this thesis is to deepen and generalize previous results concerning the average-case analysis of partial match queries in several types of multidimensional search trees. In particular we focus on the analysis of fixed partial match queries. Our results generalize previous results which cover the case where only one coordinate is specified in the partial match query, and for any dimension, or the case of two-dimensional data structures. Using a combinatorial approach, different from the probabilistic approaches used by other researchers, we obtain asymptotic formulas for the expected cost of fixed partial match queries in relaxed and standard K-d trees.

We establish that, in both cases, the expected cost satisfies a common pattern in its relationship with the expected cost of random partial match queries. Moreover, the same pattern appeared in the analysis, previously carried out by other researchers, of the expected cost of fixed partial match queries in two-dimensional quadtrees. These results led us to conjecture that such a formula would be general for describing the expected cost of partial match queries in many different multidimensional trees, assuming some additional technical conditions on the family of multidimensional search trees under consideration. In fact, we prove that this is also the case for K-dimensional quadtrees.

However, we define a new variant of K-d trees with local balancing that satisfies those conditions, relaxed K-dt trees; we analyze the expected cost of random and fixed partial match queries in them and, although we do not find a closed-form expression for the expected cost of fixed partial match queries, we prove that it cannot be of the same form as we had conjectured.

We also obtain two very general results for random partial match queries in relaxed and standard K-dt trees, which unify several specific results scattered across the literature. Finally, we analyze random partial match queries in a generalization of quadtrees and K-d trees, called quad-K-d trees, and obtain a general result that includes as particular cases previous results for relaxed K-d trees and quadtrees.

Postprint (published version
On the performance of helper data template protection schemes
The use of biometrics looks promising as it is already being applied in electronic passports, ePassports, on a global scale. Because the biometric data has to be stored as a reference template on either a central or personal storage device, its wide-spread use introduces new security and privacy risks such as (i) identity fraud, (ii) cross-matching, (iii) irrevocability and (iv) leaking sensitive medical information. Mitigating these risks is essential to obtain acceptance from the subjects of the biometric systems and therefore to facilitate successful implementation on a large-scale basis. A solution to mitigate these risks is to use template protection techniques. The required protection properties of the stored reference template according to ISO guidelines are (i) irreversibility, (ii) renewability and (iii) unlinkability. A known template protection scheme is the helper data system (HDS). The fundamental principle of the HDS is to bind a key with the biometric sample with the use of helper data and cryptography, such that the key can be reproduced or released given another biometric sample of the same subject. The identity check is then performed in a secure way by comparing the hash of the key. Hence, the size of the key determines the amount of protection.

This thesis extensively investigates the HDS system, namely (i) the theoretical classification performance, (ii) the maximum key size, (iii) the irreversibility and unlinkability properties, and (iv) the optimal multi-sample and multi-algorithm fusion method. The theoretical classification performance of the biometric system is determined by assuming that the features extracted from the biometric sample are Gaussian distributed. With this assumption we investigate the influence of the bit extraction scheme on the classification performance. With use of the theoretical framework, the maximum size of the key is determined by assuming the error-correcting code to operate at Shannon's bound. We also show three vulnerabilities of HDS that affect the irreversibility and unlinkability property and propose solutions. Finally, we study the optimal level of applying multi-sample and multi-algorithm fusion with the HDS at either feature-, score-, or decision-level.
Assumptions in Quantum Cryptography
Quantum cryptography uses techniques and ideas from physics and computer
science. The combination of these ideas makes the security proofs of quantum
cryptography a complicated task. To prove that a quantum-cryptography protocol
is secure, assumptions are made about the protocol and its devices. If these
assumptions are not justified in an implementation then an eavesdropper may
break the security of the protocol. Therefore, security is crucially dependent
on which assumptions are made and how justified the assumptions are in an
implementation of the protocol.
This thesis is primarily a review that analyzes and clarifies the connection
between the security proofs of quantum-cryptography protocols and their
experimental implementations. In particular, we focus on quantum key
distribution: the task of distributing a secret random key between two parties.
We provide a comprehensive introduction to several concepts: quantum mechanics
using the density operator formalism, quantum cryptography, and quantum key
distribution. We define security for quantum key distribution and outline
several mathematical techniques that can either be used to prove security or
simplify security proofs. In addition, we analyze the assumptions made in
quantum cryptography and how they may or may not be justified in
implementations.
Along with the review, we propose a framework that decomposes
quantum-key-distribution protocols and their assumptions into several classes.
Protocol classes can be used to clarify which proof techniques apply to which
kinds of protocols. Assumption classes can be used to specify which assumptions
are justified in implementations and which could be exploited by an
eavesdropper. Two contributions of the author are discussed: the security
proofs of two two-way quantum-key-distribution protocols and an intuitive proof
of the data-processing inequality.

Comment: PhD Thesis, 221 page
Dial C for Cipher
We introduce C, a practical provably secure block cipher with a slow key schedule. C is based on the same structure as AES but uses independent random substitution boxes instead of a fixed one. Its key schedule is based on the Blum-Blum-Shub pseudo-random generator, which allows us to prove that all obtained security results remain valid when the dependencies between the round keys are taken into account. C is provably secure against several general classes of attacks. Strong evidence is given that it resists an even wider variety of attacks. We also propose a variant of C with simpler substitution boxes which is suitable for most applications, and for which the security proofs still hold.
Blockchain Enabled Platforms for the Internet of Things
The Blockchain and the Internet of Things (IoT) have gained a lot of attention in the last few years, since both technologies enable the possibility of creating a more connected and independent world. Their combination enables the design of computing systems and cyber-physical environments without the need for centralized trusted entities, giving users freedom and control over their operations in a decentralized ledger model. By using storing and logging mechanisms supported by the Blockchain, data is immutable and independently audited, guaranteeing that it is neither modified nor deleted. At the same time, applications can benefit from the reliability and fault-tolerance assumptions provided by the Blockchain in supporting transactions between users and the involved devices.

This thesis studied and proposed a generic solution for a Blockchain-enabled IoT software architecture. The proposed solution enables the advantages of decentralized logging and ledgering, without the interference of central authorities, inherently supported by the base Blockchain reliability, availability and security foundations. These capabilities are envisaged as key benefits for a new generation of clean-slate approaches to IoT applications with the required scalability criteria.

The research conducted in the dissertation work studied the base software foundations, relevant components and implementation options that enable the identified advantages of using Blockchain components and services to leverage more scalable and trustworthy IoT platforms. Our proposed solution aims to provide an architecture that contributes to a more appropriate design for secure and reliable IoT systems. In this direction, we propose a better use of edge-based support for local processing environments supporting IoT devices and users' interactions, with operations intermediated by proximity hubs acting as gateways to the Blockchain, where the operations are regulated and controlled by verifiable smart contracts involving data and transactions.
On Some Symmetric Lightweight Cryptographic Designs
This dissertation presents cryptanalysis of several symmetric lightweight primitives, both stream ciphers and block ciphers. Further, some aspects of authentication in combination with a keystream generator are investigated, and a new member of the Grain family of stream ciphers, Grain-128a, with built-in support for authentication is presented. The first contribution is an investigation of how authentication can be provided at a low additional cost, assuming a synchronous stream cipher is already implemented and used for encryption. These findings are then used when presenting the latest addition to the Grain family of stream ciphers, Grain-128a. It uses a 128-bit key and a 96-bit initialization vector to generate keystream, and optionally also to authenticate the plaintext. Next, the stream cipher BEAN, superficially similar to Grain but notably using a weak output function and two feedback with carry shift registers (FCSRs) rather than linear and (non-FCSR) nonlinear feedback shift registers, is cryptanalyzed. An efficient distinguisher and a state-recovery attack are given. It is shown how knowledge of the state can be used to recover the key in a straightforward way. The remainder of this dissertation then focuses on block ciphers. First, a related-key attack on KTANTAN is presented. The attack notably uses only a few related keys, runs in less than half a minute on a current computer, and directly contradicts the designers' claims. It is discussed why this is, and what can be learned from it. Next, PRINTcipher is subjected to linear cryptanalysis. Several weak key classes are identified and it is shown how several observations of the same statistical property can be made for each plaintext-ciphertext pair. Finally, the invariant subspace property, first observed for certain key classes in PRINTcipher, is investigated. In particular, its connection to large linear biases is studied through an eigenvector which arises inside the cipher and leads to trail clustering in the linear hull which, under reasonable assumptions, causes a significant number of large linear biases. Simulations on several versions of PRINTcipher are compared to the theoretical findings.
Secure and Usable User Authentication
Authentication is a ubiquitous task in users' daily lives. The dominant form of user authentication is text passwords. They protect private accounts like online banking, gaming, and email, but also assets in organisations. Yet, many issues are associated with text passwords, leading to challenges faced by both users and organisations. This thesis contributes to the body of research enabling secure and usable user authentication, benefiting both users and organisations. To that end, it addresses three distinct challenges.

The first challenge addressed in this thesis is the creation of correct, complete, understandable, and effective password security awareness materials. To this end, a systematic process for the creation of awareness materials was developed and applied to create a password security awareness material. This process comprises four steps. First, relevant content for an initial version is aggregated (i.e. descriptions of attacks on passwords and user accounts, descriptions of defences against these attacks, and common misconceptions about password and user account security). Then, feedback from information security experts is gathered to ensure the correctness and completeness of the awareness material. Thereafter, feedback from lay users is gathered to ensure the understandability of the awareness material. Finally, a formal evaluation of the awareness material is conducted to ensure its effectiveness (i.e. whether the material improves participants' ability to assess the security of passwords as well as password-related behaviour and decreases the prevalence of common misconceptions about password and user account security). The results of the evaluation show the effectiveness of the awareness material: it significantly improved the participants' ability to assess the security of password-related behaviour as well as passwords and significantly decreased the prevalence of misconceptions about password and user account security.

The second challenge addressed in this thesis is shoulder-surfing resistant text password entry with gamepads (as an example of very constrained input devices) in shared spaces. To this end, the very first investigation of text password entry with gamepads is conducted. First, the requirements of authentication in the gamepad context are described. Then, these requirements are applied to assess schemes already deployed in the gamepad context and shoulder-surfing resistant authentication schemes from the literature proposed for non-gamepad contexts. The results of this assessment show that none of the currently deployed schemes and only four of the proposals in the literature fulfil all requirements. Furthermore, the results of the assessment also indicate a need for an empirical evaluation in order to exactly gauge the shoulder-surfing threat in the gamepad context and compare alternatives to the incumbent on-screen keyboard. Based on these results, two user studies (one online study and one lab study) are conducted to investigate the shoulder-surfing resistance and usability of three authentication schemes in the gamepad context: the on-screen keyboard (as de-facto standard in this context), the grid-based scheme (an existing proposal from the literature identified during the assessment as the most viable candidate adaptable to the gamepad context), and Colorwheels (a novel shoulder-surfing resistant authentication scheme specifically designed for the gamepad context). The results of these two user studies show that on-screen keyboards are highly susceptible to opportunistic shoulder-surfing, but also show the most favourable usability properties among the three schemes. Colorwheels offers the most robust shoulder-surfing resistance and scores highest with respect to participants' intention to use it in the future, while showing more favourable usability results than the grid-based scheme.

The third challenge addressed in this thesis is secure and efficient storage of passwords in portfolio authentication schemes. Portfolio authentication is used to counter capture attacks such as shoulder-surfing or eavesdropping on network traffic. While usability studies of portfolio authentication schemes showed promising results, a verification scheme which allows secure and efficient storage of the portfolio authentication secret had been missing until now. To remedy this problem, the (t,n)-threshold verification scheme is proposed. It is based on secret sharing and key derivation functions. The security as well as the efficiency properties of two variants of the scheme (one based on Blakley secret sharing and one based on Shamir secret sharing) are evaluated against each other and against a naive approach. These evaluations show that the two (t,n)-threshold verification scheme variants always exhibit more favourable properties than the naive approach and that, when deciding between the two variants, the exact application scenario must be considered. Three use cases illustrate, as exemplary application scenarios, the versatility of the proposed (t,n)-threshold verification scheme.

By addressing the aforementioned three distinct challenges, this thesis demonstrates the breadth of the field of usable and secure user authentication, ranging from awareness materials, to the assessment and evaluation of authentication schemes, to applying cryptography to craft secure password storage solutions. The research processes, results, and insights described in this thesis represent important and meaningful contributions to the state of the art in research on usable and secure user authentication, offering benefits for users, organisations, and researchers alike.